Posted on 10-05-2018 07:05 AM
I've had enough of Macs being bound to AD here in my environment. I've been looking at NoMAD, it seems great, but as far as I can tell there's no way to mount network drives based on user AD membership.
My question is this. Is there anyone that's using NoMAD and somehow mounting network drives based on AD user membership? I know that there's some info about making a plist to do mappings with NoMAD but it doesn't seem to be able to do what I need and the documentation is not great.
Maybe someone has a script that is able to do this? Or if someone can point me in the right direction that would be great as well, thanks.
Posted on 10-05-2018 08:22 AM
Yes, there is a script by David Akland; I think it is called mountshare or something similar. It will check the AD group membership. It's an excellent script with the ability to insert the options. You will get it on GitHub.
Posted on 10-05-2018 08:27 AM
Posted on 10-05-2018 03:03 PM
Hi, yes, it's the second one. It works; I used it on a deployment. The Macs will need to be connected to AD to ensure the groups can be searched.
Posted on 10-05-2018 03:35 PM
You could also just use the smb://share.domain.com/ command in a jamf policy scoped to the limitations of LDAP groups. Also works in self service quite well.
Posted on 10-05-2018 05:08 PM
I have been happy with how NoMAD and its shares work. In short, when a user logs into NoMAD, if they have access to any shares, a new item called "File Shares" will appear in the list, and then each share you have set up, where they are in one of the approved "Groups", will appear in that subsection.
Here is a little snippet of some of my shares config.
Link to snippet
Posted on 10-05-2018 07:46 PM
We are also using NoMAD and I am quite happy with it. Does anybody know why it takes up to a minute to ping AD and sign in the user to get the green tick mark? We have a series of scripts to mount the user's network home and our data drive, and sometimes a user will get prompted for a username/password to access that drive. It happens about 1 in 10 logins, but can be annoying. I was thinking about adding a sixty-second delay to the script to prevent this. Is there some way to "kick start" NoMAD?
Thanks for any insights,
Posted on 10-06-2018 03:30 AM
@jared_f Have you tried using the autoMount key in the shares config? "AutoMount – Bool – Is the share automatically mounted."
Sounds like NoMAD hasn't made a Kerberos ticket yet. You might be able to use some of NoMAD's Apple events to help script this, or a bash loop checking the result on klist?
Maybe something like:
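The klist polling loop suggested in the post above, written out as an added example that is not part of the original thread or of NoMAD: it waits up to 60 seconds for a valid Kerberos ticket instead of sleeping a fixed delay, then mounts the share. The function names and the `osascript` mount step are assumptions of this example.

```shell
#!/bin/sh
# Added example: wait for a Kerberos ticket, then mount an SMB share.
# Function names are hypothetical; nothing here is NoMAD's own code.

# wait_for_ticket TIMEOUT INTERVAL [CHECK_CMD ...]
# Polls CHECK_CMD until it exits 0 or TIMEOUT seconds have been slept.
# CHECK_CMD defaults to `klist -s`, which prints nothing and exits 0
# only when the credential cache holds a valid, unexpired ticket.
wait_for_ticket() {
    wft_timeout=$1
    wft_interval=$2
    shift 2
    [ "$#" -gt 0 ] || set -- klist -s
    wft_waited=0
    until "$@" >/dev/null 2>&1; do
        [ "$wft_waited" -lt "$wft_timeout" ] || return 1
        sleep "$wft_interval"
        wft_waited=$((wft_waited + wft_interval))
    done
    return 0
}

# is_safe_smb_url URL
# Accepts only smb:// URLs with no quotes, backslashes or spaces, so the
# value can be embedded in the AppleScript string literal used below.
is_safe_smb_url() {
    case $1 in
        *\"*|*\'*|*\\*|*" "*) return 1 ;;
        smb://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# mount_when_ready URL
# Mounts only once a ticket exists, so SMB can authenticate with Kerberos
# rather than falling back to a username/password prompt.
mount_when_ready() {
    is_safe_smb_url "$1" || { echo "refusing URL: $1" >&2; return 2; }
    wait_for_ticket 60 5 || { echo "no Kerberos ticket after 60s" >&2; return 1; }
    # macOS only: `mount volume` is an AppleScript Standard Additions command.
    osascript -e "mount volume \"$1\""
}

# Usage, with the share URL posted later in this thread:
#   mount_when_ready "smb://file-server/Shr-Test"
```

Run it in the logged-in user's context, since the ticket lives in that user's credential cache.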
Posted on 10-06-2018 08:09 PM
From my understanding (I'm in process of testing, but haven't gotten that far yet) with NoMAD you just use this key in your shares configuration for NoMAD:
Groups – [String] – An array of AD group names. This share will only auto-mount for members of that group.
It's on the page you linked.
Posted on 10-24-2018 05:31 AM
Thanks for all the responses. I'm going to do some more testing. @ryanj I'm really hoping that automount works, that would be amazing.
Posted on 10-29-2018 07:54 AM
I've been messing with this a bit more. For some reason I still can't get the AD shares to mount using the NoMAD share plist. I'm testing on a Mac that is not bound to AD, and I'm able to connect to the share manually without issue. Below is an example of the modified part of the plist that I borrowed from @ryanj, thanks for posting that snippet btw :)
I assume I would want AutoMount set to true?
<key>AutoMount</key>
<true/>
<key>ConnectedOnly</key>
<true/>
<key>Groups</key>
<array>
    <string>AD_Group_Name</string>
</array>
<key>LocalMount</key>
<string></string>
<key>Name</key>
<string>AD_Group_Name</string>
<key>Options</key>
<array/>
<key>URL</key>
<string>smb://file-server/Shr-Test</string>
Posted on 10-29-2018 04:21 PM
I couldn't find anything really wrong with what you had posted. At one point it complained about some formatting, but that was probably just me pulling it from the forum. Be sure you have the full plist header, as I have done below.
The best way to diagnose problems with NoMAD is to launch the binary in the terminal so you can see the logs. For example, if your NoMAD app is in the Applications folder, just copy and paste this into the terminal:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Shares</key>
    <array>
        <dict>
            <key>AutoMount</key>
            <true/>
            <key>ConnectedOnly</key>
            <true/>
            <key>Groups</key>
            <array>
                <string>Admin</string>
            </array>
            <key>LocalMount</key>
            <string></string>
            <key>Name</key>
            <string>Share</string>
            <key>Options</key>
            <array/>
            <key>URL</key>
            <string>smb://server/share</string>
        </dict>
    </array>
    <key>Version</key>
    <string>1</string>
</dict>
</plist>